From 198dc1784514b800c3e69153839084a55ebf2e84 Mon Sep 17 00:00:00 2001
From: Tobias Kaufmann
Date: Fri, 31 Jul 2020 10:57:39 +0200
Subject: [PATCH] core: fix set keep caps for ambient capabilities

The securebit keep-caps retains the capabilities in the permitted set
over a UID change (ambient capabilities are cleared though).

Setting the keep-caps securebit after the uid change and before execve
doesn't make sense as it is cleared during execve and there is no
additional user ID change after this point.

Although the documentation (man 7 capabilities) is ambiguous, keep-caps
is reset during execve although keep-caps-locked is set. After execve
only keep-caps-locked is set and keep-caps is cleared.
---
 src/core/execute.c | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/src/core/execute.c b/src/core/execute.c
index a04c8801c93..694033e82c1 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -4296,15 +4296,6 @@ static int exec_child( *exit_status = EXIT_CAPABILITIES; return log_unit_error_errno(unit, r, "Failed to apply ambient capabilities (after UID change): %m"); } - - /* If we were asked to change user and ambient capabilities - * were requested, we had to add keep-caps to the securebits - * so that we would maintain the inherited capability set - * through the setresuid(). Make sure that the bit is added - * also to the context secure_bits so that we don't try to - * drop the bit away next. */ - - secure_bits |= 1<
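Review bot: The deletion directly after the "Failed to apply ambient capabilities (after UID change)" error path in exec_child() removes the only comment at this spot that explains how keep-caps relates to secure_bits, and nothing replaces it, so the reasoning now lives only in the commit message. Consider leaving a short comment here stating that keep-caps is deliberately not OR-ed into secure_bits because execve clears it and no further UID change follows, so the line is not reintroduced later. The removed comment also says the bit was added so that "we don't try to drop the bit away next", which implies a later step applies secure_bits; that step is outside the visible context, so please confirm in the commit message that clearing keep-caps there is the intended result. Since the commit message describes man 7 capabilities as ambiguous on this point, a test that combines a user change with ambient capabilities and checks the resulting capability sets would make the claimed execve behaviour verifiable.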